import random
import secrets
import string

from odoo import http
from odoo.http import request
from odoo.tools.config import config

from .. import controller
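class Auth(controller.Controller):
    """HTTP endpoints for login, registration and account activation.

    Every route is declared ``auth='public'`` with ``csrf=False``, so the only
    gate visible in this class is the ``self.authenticate()`` call at the top
    of each handler. ``authenticate`` and ``response`` are not defined in this
    class; they are presumably inherited from ``controller.Controller`` --
    confirm what ``authenticate`` actually verifies before relying on it.
    """

    prefix = '/api/v1/'

    @staticmethod
    def _user_payload(user):
        """Return the user fields that the endpoints expose to the caller."""
        return {
            'id': user.id,
            'name': user.name,
            'email': user.login,
            'external': user.share,
        }

    @http.route(prefix + 'user/login', auth='public', methods=['POST'], csrf=False)
    def login(self, **kw):
        """Check an email/password pair and open a session for the user.

        Responds 401 when ``self.authenticate()`` fails and 400 when ``email``
        or ``password`` is missing. Otherwise the body carries ``is_auth`` and,
        on failure, a ``reason`` of ``NOT_ACTIVE`` or ``NOT_FOUND``.
        """
        if not self.authenticate():
            return self.response(code=401, description='Unauthorized')

        email = kw.get('email')
        password = kw.get('password')
        if not email or not password:
            return self.response(code=400, description='email and password is required')

        user = self.get_user(email)
        # NOTE(review): this answer is given before the password is checked,
        # so a caller that passes authenticate() learns that the account
        # exists and is inactive without knowing its password. Kept as is
        # because clients may depend on the NOT_ACTIVE reason.
        if user and not user.active:
            return self.response({
                'is_auth': False,
                'reason': 'NOT_ACTIVE'
            })

        try:
            uid = request.session.authenticate(config.get('db_name'), email, password)
            user = request.env['res.users'].browse(uid)
            return self.response({
                'is_auth': True,
                'user': self._user_payload(user)
            })
        except Exception:
            # Was a bare ``except:``, which also swallowed SystemExit and
            # KeyboardInterrupt. Every ordinary failure is still reported as
            # NOT_FOUND, so wrong passwords and unknown logins look the same.
            return self.response({
                'is_auth': False,
                'reason': 'NOT_FOUND'
            })

    @http.route(prefix + 'user/register', auth='public', methods=['POST'], csrf=False)
    def register(self, **kw):
        """Create an inactive ``res.users`` record from name, email and password.

        Responds 401 when ``self.authenticate()`` fails, 400 when a field is
        missing, and ``EMAIL_USED`` when the login already exists (active or
        not). The account stays inactive until ``activation_user`` succeeds.
        """
        if not self.authenticate():
            return self.response(code=401, description='Unauthorized')

        name = kw.get('name')
        email = kw.get('email')
        password = kw.get('password')
        if not name or not email or not password:
            return self.response(code=400, description='email, name and password is required')

        if self.get_user(email):
            return self.response({
                'register': False,
                'reason': 'EMAIL_USED'
            })

        request.env['res.users'].create({
            'name': name,
            'login': email,
            'password': password,
            'active': False,
            # NOTE(review): the field name looks like Odoo's generated
            # user-type selector, whose suffix embeds group ids from one
            # particular database -- confirm 9 is the intended group on
            # every deployment.
            'sel_groups_1_9_10': 9
        })
        return self.response({'register': True})

    def get_user(self, email):
        """Return the user whose login equals ``email``, archived or not.

        The ``active in [True, False]`` term makes the search include inactive
        records; ``limit=1`` keeps the result to a single record so callers
        can read ``.active`` safely.
        """
        domain = [('login', '=', email), ('active', 'in', [True, False])]
        return request.env['res.users'].search(domain, limit=1)

    @http.route(prefix + 'user/activation-request', auth='public', methods=['POST'], csrf=False)
    def request_activation_user(self, **kw):
        """Issue a fresh activation token for an inactive account.

        Responds 401 when ``self.authenticate()`` fails and 400 when ``email``
        is missing (same convention as the other handlers). The token is
        stored on the user and returned in the response body.
        """
        if not self.authenticate():
            return self.response(code=401, description='Unauthorized')

        email = kw.get('email')
        if not email:
            return self.response(code=400, description='email is required')

        user = self.get_user(email)
        if not user:
            return self.response({'activation_request': False, 'reason': 'NOT_FOUND'})
        if user.active:
            return self.response({'activation_request': False, 'reason': 'ACTIVE'})

        # The token is the only secret that activates the account, so it must
        # come from the OS CSPRNG; ``random`` is a predictable generator and
        # is not meant for security tokens. Format (20 alphanumeric
        # characters) is unchanged.
        token_source = string.ascii_letters + string.digits
        user.activation_token = ''.join(secrets.choice(token_source) for _ in range(20))

        # NOTE(review): the token goes back to whoever called this endpoint,
        # so authenticate() has to restrict callers to a trusted backend that
        # delivers it to the account owner -- confirm. No expiry is set here.
        return self.response({
            'activation_request': True,
            'token': user.activation_token,
            'user': self._user_payload(user)
        })

    @http.route(prefix + 'user/activation', auth='public', methods=['POST'], csrf=False)
    def activation_user(self, **kw):
        """Activate the inactive account that holds the given token.

        Responds 401 when ``self.authenticate()`` fails, 400 when ``token`` is
        missing and ``INVALID_TOKEN`` when no inactive user carries it. On
        success the token is cleared, so it cannot be used a second time.
        """
        if not self.authenticate():
            return self.response(code=401, description='Unauthorized')

        token = kw.get('token')
        # Rejecting an empty token also keeps the cleared value ('') written
        # below from ever matching a search.
        if not token:
            return self.response(code=400, description='token is required')

        domain = [('activation_token', '=', token), ('active', '=', False)]
        user = request.env['res.users'].search(domain, limit=1)
        if not user:
            return self.response({'activation': False, 'reason': 'INVALID_TOKEN'})

        user.active = True
        user.activation_token = ''
        return self.response({
            'activation': True,
            'user': self._user_payload(user)
        })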